In 12.1 rest scopes have been introduced which limit access to rest calls
In the UX these are normally added to a widget in the main config panel as below
We have some js to replace the std tag editor on a site so we no longer call
b.telligent.evolution.site.getBaseUrl() + "api.ashx/v2/aggregatetags.json",
but use a custom endpoint
b.telligent.evolution.site.getBaseUrl() + "api.ashx/v2/subtopic/listAsTags.json?
When the legacy option "Enable all REST scopes for the user interface" is disabled this if failing with the pop message as below
I realise we can add custom scopes to the custom rest endpoint as per the new developer documentation
My question is how/where do we flag these endpoints as safe as per the core one used for tag lookups when the call is made from events in theme js?